Securely authenticate user accounts
| Test Case ID | TC102 |
| Test case designer | Aaro Kolu |
| Creation date | 21/02/2024 |
| Classification | Security |
| Origin Authentication | Use Case |
Test description / objective
The purpose of this test is to verify the secure authentication of user accounts according to the implemented requirements.
Pre-state
Before conducting the test, ensure that the authentication system is operational and configured with valid user credentials.
Test Steps
| Step | Verify | Some notes |
|---|---|---|
| 1. | Enter valid username and password | Ensure that the fields accept input |
| 2. | Submit the login form | Verify that the authentication request is sent securely |
| 3. | Check for SSL/TLS encryption | Ensure that the communication between client and server is encrypted |
| 4. | Verify backend authentication process | Confirm that the entered credentials are validated securely |
| 5. | Check for session management | Ensure that a secure session is established upon successful authentication |
| 6. | Attempt login with invalid credentials | Verify that invalid login attempts are appropriately handled |
| 7. | Check for brute-force protection | Ensure that there are measures in place to prevent brute-force attacks |
| 8. | Test for session timeout | Verify that inactive sessions are terminated after a predefined time |
| 9. | Test for cross-site scripting (XSS) vulnerabilities | Ensure that user input is properly sanitized to prevent XSS attacks |
| 10. | Test for SQL injection vulnerabilities | Ensure that user input is properly validated and sanitized to prevent SQL injection attacks |
End-State
After the test, the user should either be successfully authenticated and granted access or denied access if authentication fails. The system should maintain the security of user credentials and protect against various types of attacks.
Determination of test result (Pass / Fail Criteria)
- PASS condition: All steps execute successfully, and the system demonstrates secure authentication mechanisms, including encryption, proper credential validation, session management, protection against common vulnerabilities, and appropriate error handling.
- FAIL CONDITION: Any failure to securely authenticate users, lack of encryption, vulnerabilities such as XSS or SQL injection, session management issues, or inadequate protection against attacks constitutes a test failure.